a material for the Reading PLDI Papers PLDIr study group written by Kazuhiro Inaba wwwkmonosnet under my own understanding of the papers published at PLDI So it may include many mistakes etc ID: 435149
Download Presentation The PPT/PDF document "This slide was" is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.
Slide1
This slide was
a material for the “Reading PLDI Papers (
PLDIr
)” study group
written by Kazuhiro Inaba (
www.kmonos.net
), under my own understanding of the papers published at PLDI
So, it may include many mistakes etc
For your correct understanding, please consult the original paper and/or the authors
’ presentation slide!Slide2
The
Set Constraint/CFL ReachabilityConnection in Practice
PLDIr #12Mar 12, 2011paper written by J. Kodumal and A. Aiken(PLDI 2004)
k.inaba
(
稲葉 一浩
), reading:Slide3
解きたい問題(の例)
「tainted とマークされた値が
untainted マークの変数に入らない」の静的検証int id(int y1) { int y2 = y1; return y2; }
int
main(void)
{
tainted
int
x1;
int
z1, x2;
untainted
int
z2;
z1 = id(x1); // call site 1
z2 = id(x2); // call site 2
}Slide4
典型手法
:グラフの到達可能性問題と見なす
int id(int y1){int y2=y1; return y2;}int main(void) { tainted int x1;
int
z1, x2;
untainted
int z2; z1 = id(x1); // call site 1 z2 = id(x2); // call site 2}
x1
y1
y2
z1
z2
x2
危
安
危
安
から
に行ける?Slide5
Better
な精度の典型手法:グラフのCFL到達可能性問題と見なす
int id(int y1){int y2=y1; return y2;}int main(void) { tainted
int
x1;
int
z1, x2;
untainted int z2; z1 = id(x1); // call site 1 z2 = id(x2); // call site 2
}
x1
y1
y2
z1
z2
x2
危
安
r1
r2
c1
c2
危
安
から
に
c1r1 | c2r2
で
行ける?Slide6
CFL
Reachability を解く典型手法:“Set Constraint” 問題に帰着
CFL Reachability の計算量O( |文法|3 |グラフ|3
)
CYK
構文解析
+
Warshall-Floyd 到達可能性多項式時間だけど実用には厳しい重さヒューリスティックス Solver のある問題に帰着
“Set Constraint” 問題Slide7
“Set Constraint”
問題こんな連立方程式を解く問題。
集合Xの要素とYの要素をconsしたら Y に入るnil というアトムは集合 Y に入る集合
Y
の
cons
の形の要素の第一要素は
one
cons(X, Y) ⊆ Ynil
⊆
Y 1(Y) ⊆ one
consSlide8
既存のやり方の流れ
int id(int y1){int y2=y1; return y2;}
int main(void) { tainted int x1; int
z1, x2;
untainted
int
z2; z1 = id(x1); // call site 1 z2 = id(x2); // call site 2}
x1
y1
y2
z1
z2
x2
危
安
r1
r2
c1
c2
cons(X, Y)
⊆
Y
nil
⊆
Y
1(Y)
⊆
one
cons
解く
CFLReachability
を
Set Constraint
に
解析の問題を
CFL
Reachability
にSlide9
問題点
x1
y1
y2
z1
z2
x2
危
安
r1
r2
c1
c2
cons(X, Y)
⊆
Y
nil
⊆
Y
1(Y)
⊆
one
cons
CFL
Reachability
を
Set Constraint
に
[
Melski&Reps
97]
まだ
遅いSlide10
観察
一般の CFLReach を解きたいわけじゃない
プログラム解析から現れるような CFLReach が解ければよい“Call-Ret の対応が取れてる
”
を表す文法の
CFLReach
が解ければ十分では?
x1
y1
y2
z1
z2
x2
危
安
r1
r2
c1
c2Slide11
この論文のやったこと
:“DyckCFL” に特化した帰着法
k-DyckCFLS ::= P*P ::= (1 S )1 | (2 S )2 | … | (k S )
k
「対応のとれた括弧の列」Slide12
tbwSlide13
結果
漸近計算量 O( |文法|3
|グラフ|3 ) O( |文法| |グラフ|3 )